RedDrop spyware: a new version of Android malware that was spotted in 53 apps

Recently discovered RedDrop malware seems to be the most sophisticated version of Android virus[1] yet. The malware was found in 53 apps whose installation lead to privacy-related issues. This malicious program is designed to steal personal information and money.

Security firm Wander discovered malware spreading via malicious ads on Baidu – Chinese search engine. Clicking on the infected ad leads to huxiawang[.]cn site which triggers redirect to one of 4,000 domains that are used for spreading one of 53 apps with RedDrop malware.

Once inside, the malware installs a bunch of spying tools to steal personal information which is being sent to remote Dropbox and Google Drive folders that belong to cyber criminals. Aggregated information might be used for further cyber attacks.

RedDrop malware is used for stealing personal information

As soon a user downloads a malicious app, malware connects to its Command and Control (C&C) server and downloads around seven additional APKs which have different functionalities. However, the most important and threatening task of the virus is spying and SMS fraud.

According to the analysis,[2] this Android malware sends an SMS message to premium services every time a user launches and touches the screen using an infected app. To hide this activity, the malware also deletes these sent messages. Therefore, a victim can only notice a huge phone bill at the end of the month.

However, being charged for premium services is not the biggest problem. The main purpose of RedDrop is to steal various personal information from the user, such as:

Therefore, malware puts user’s privacy at risk. It’s unknown how and when cyber criminals use aggregated information. However, the worst scenario is identity theft. Fortunately, malicious apps were taken down, but Android users should still be careful with app downloads.

Users are reminded to download applications from the legitimate app stores

RedDrop malware did not make it to Google Play Store. Malicious apps were available on more than 4,000 third-party domains. Such distribution method proves the fact that it’s important to download apps from the official stores.

Third-party app stores or unknown download websites are often used for malware distribution. Downloading apps from such sources often lead to infiltration of spyware, malware, and other mobile viruses. Thus, you should stick to official app stores to minimize the risk of malware attack.

However, mobile viruses can sneak into Google Play[4] and other official app stores. For this reason, you should always do preparatory work before hitting “Install” button:

Check information about developers. Download apps created only by well-known developers.

Read user reviews. Keep in mind that reviews in the app store might be fake, so look up for user feedback online.

Do not download low rated apps. Low rating always informs about possible dangers or malfunction of the app.

Check app permissions.[5] If the app wants to get full access to your phone or asks for more permissions than its operation needs, do not install the app.